
Our Approach to Employee Security Training

Blog post from PagerDuty

Post Details
Author: Rich Adams
Word Count: 2,665
Language: English
Summary

PagerDuty recently completed its third annual security training, designed to be more engaging and effective than traditional security courses. The training consists of two sessions: one for all employees, covering social engineering, password management, and data handling, and another for engineering teams, focusing on vulnerabilities and their mitigation. Dissatisfied with conventional training methods, which often feel tedious and ineffective, PagerDuty developed its own program emphasizing the importance of understanding the reasons behind security practices. This approach included interactive elements like live password-cracking demonstrations and real-world phishing examples, making the training accessible and engaging for all skill levels. The training also incorporated humor to maintain interest. Feedback was overwhelmingly positive, with many employees adopting better security practices, such as using password managers. However, some attendees noted the material's repetitive nature and length as areas needing improvement. In response, PagerDuty plans to offer shorter refresher courses in the future. The company has also open-sourced its security training materials, allowing the broader community to benefit from its approach.